JEP 411: Deprecate the Security Manager for Removal

[Vasiliy Yashkov]

Hi!

In JDK 17 the Security Manager has been marked for removal. It is planned to be removed permanently in a future version https://openjdk.java.net/jeps/411. 

The security manager is also used in Jaybird in monitoring operator execution and setting network timeout and in FBJava plugin.

What do you think about removing it? Is there any point in replacing it with something else?

Vasiliy

[Mark Rotteveel]

Currently JDBC requires SecurityManager checks in some places, so until
SecurityManager is really removed, or when JDBC requirements change,
there is nothing that needs to change now (though I will consider simply
removing some of the security manager checks in Jaybird 5, as to be
frank, the primary reason JDBC has it is because of applets...).

As far as I understand from the JEP, they will first degrade the API
(e.g. by never giving access to the security manager, or always allowing
operations) before SecurityManager is really removed.

I am not planning on using something else, so when SecurityManager is
really removed, usage of SecurityManager will simply be removed, without
a replacement.

Above remarks only applies to Jaybird itself, I can't speak for the
needs and requirements of FB/Java.

Mark
--
Mark Rotteveel